are-wordpress-websites-safe-from-hackersWordPress websites are always under attack. No, that’s not a euphemism or paraphrasing; they’re literally always under attack. Anywhere from hundreds to thousands are under attack on a daily basis, and approximately 70 percent of all WordPress installations are vulnerable to hacking. And there are times when WordPress has even more significant security scares, such as weaknesses in the WordPress framework, themes, or plugins which can make specific websites more vulnerable.

But that 70% mentioned above should be telling: WordPress might not be an impenetrable fortress to hackers, but there are absolutely some things WordPress users can do to help beef up their security. This can include everything from dual-authentication logins to modifying standard database designations just enough to thwart potential cross-site-scripting attacks.

WordPress Isn’t Alone

It’s not just WordPress that’s vulnerable, but many other popular frameworks. And many industry professionals are quick to point out that the more users any framework or application has, the more appealing a target group they can be to potential hackers. So, what are some of the other significantly vulnerable frameworks?


WordPress has approximately 3.5 times more users than Drupal or Joomla combined. This means that because there are a larger pool of potential ‘victims’, hackers are simply more likely to exploit WordPress users. Many sensitive government websites (including are built on Drupal because of this fact. Drupal’s smaller pool of third-party plugins and themes improve its security, and it offers in-house enterprise-level security solutions. So, at first brush, Drupal is more secure… but largely because it’s simply not as popular.


As with WordPress, most of Joomla’s security concerns either happen at the server level or thanks to third party modules like plugins or templates. As with WordPress, if a website owner is particularly diligent at screening these third-party code elements for security flaws, and make certain to regularly install updates to the framework, they shouldn’t see any noticeable difference in security concerns.

How Can You Secure Your Website?

No matter what framework your website happens to be using, there are plenty of easy and straightforward ways to add to its security. The most common sense of those is to utilize antivirus software and make sure that the website’s admin team uses best safe browsing practices even when they’re not working on the website. Infecting a website through safety negligence is just as common (and perhaps more so) than targeted hacking. It’s important to remember that safety begins with your everyday habits.

Another great trick is to beef up the security around your login information. Strong usernames and passwords, two-factor authentications, and limiting the IP addresses from which edits can be made to your website or hosting are all strongly recommended to keep your website hack-free. You can also reduce the access users have to executable forms or files.

The Bottom Line

WordPress sites, on their own, aren’t as safe from hackers as you might wish they were! But the same can be said of just about any website. In order to ensure your website is safe, whether it’s built on WordPress or any other framework, you’ll need to aggressively maintain high-security protocols.

Chief among those protocols should be to regularly update your framework, plugin, and theme files whenever there are updates available. Often these updates offer security patches and fixes. Ensuring that editing abilities of your website are enabled should help as well! Use two-factor logins and limit admin access to specific IP addresses. But don’t stop there; securing your hosting can also dramatically improve your website’s ability to withstand hackers. Keep your cpanel files updated and run a firewall for best results.